Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training,
learning paths, books, tutorials, and more.

Granting Privileges

PostgreSQL maintains a
tightly controlled set of access control lists or ACLs. This information
describes which users are allowed to select from, update, and otherwise modify objects within a
database. A set of access privileges and restrictions exist for each applicable database object
in PostgreSQL (e.g., tables, views, and sequences). Superusers and owners of database objects
maintain these ACLs through a pair of SQL commands: GRANT and REVOKE.

As stated in Chapter 9, when a user first creates a database,
they are implicitly the owner of that database. Similarly, whenever someone creates that
database object, it is owned by that individual who issued the related CREATE SQL command.

Aside from PostgreSQL superusers (who may manipulate any database object in any way), only
the owners of database objects are allowed to grant and revoke privileges on the objects which
they own. Though any user may connect to a database, if they wish access to objects within that
database they must have those privileges explicitly granted to them.

Understanding Access Control

As mentioned earlier in this section, access control lists apply to three types of
database objects: tables, lists, and sequences. For these objects, there are four general
privileges which may be granted to, or revoked from, a user or group. The ability to revoke
rights exists only to undo the function of having granted them. Users and groups have no
rights to begin with.

From the psql client, you can view ACL ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training,
learning paths, books, interactive tutorials, and more.